browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext credentials directly in commands (e.g., agent-browser fill @e3 "password123"), which instructs the agent to include secret values verbatim and poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's core workflow explicitly navigates to arbitrary URLs (agent-browser open ) and snapshots page content (agent-browser snapshot -i) so the agent fetches and interprets untrusted public web pages (see Data Extraction and Examples) which can directly drive clicks/fills/next actions.